Pardis Emami-Naeini, PhD candidate, Carnegie Mellon University

Yuvraj Agarwal, Assistant Professor, Carnegie Mellon University

Lorrie Faith Cranor, Professor, Carnegie Mellon University

Privacy and Security Nutrition Label for Smart Devices

Our privacy and security label is a tool designed to help consumers make informed purchase decisions for smart devices at the point of sale.

 
 
 

problem

Surveys have shown that consumers want to be informed about data collection, privacy, and security practices of smart devices at the time of purchase. Currently, this information is difficult for consumers to obtain.

solution

We are developing a privacy and security label that includes information on privacy and security practices of the smart device, such as whether or not the device gets cryptographically signed and critical automatic updates or the type of data the device is collecting. In addition to privacy and security information, the label includes some general information about the device, such as the firmware version or where the device was manufactured.

WHO IS THIS FOR?

  • Consumers of smart devices, with or without privacy and security expertise

  • Manufacturers of smart devices

  • Regulators and policy makers

Scenario

Alicia is always excited about technology and cool gadgets. She is a frequent buyer of smart devices. However, she has become super concerned since her last purchased device, which was a smart baby monitor, got hacked and a stranger yelled at her baby. Since then, she tries to search for privacy and security information for smart devices before making the purchase. But this has been very difficult for her as such information is not always easy to find.

If manufacturers of smart devices publish privacy and security labels, Alicia will make an informed purchase decision based on a readily available information at the point of sale. The label will help Alicia and other smart device consumers to consider privacy and security while making purchase decisions.

Learn more

Exploring How Privacy and Security Factor into IoT Device Purchase Behavior
http://www.cs.cmu.edu/~pemamina/publication/CHI'19/CHI19.pdf

 
These are prototype labels based on our initial studies. We expect they will change after we receive input from experts and consumers as we continue iterating on the design of the label.

These are prototype labels based on our initial studies. We expect they will change after we receive input from experts and consumers as we continue iterating on the design of the label.